[ad_1]
Technology of the future? — Image by © Tim Sandle
Following the U.S. National Security Agency’s Cybersecurity Information Sheet with guidance for organizations to adopt zero-trust framework principles, the threats facing businesses show no sign of abating.
Looking into the essential points for adopting such a framework for Digital Journal is Kevin Kirkwood, Deputy CISO at LogRhythm.
Kirkwood begins by unwrapping the new guidance, noting: “The National Security Agency has unveiled a proposed first stages of a maturity model and use case that outlines the journey that government agencies should be on to achieve a zero trust architecture (ZTA) in a cybersecurity information sheet (CSI)”
Zero Trust is an approach taken to cybersecurity that seeks to secure an organization by eliminating implicit trust and continuously validating every stage of a digital interaction. One example is with multifactor authentication.
To put this into context, Kirkwood draws on: “The use case highlights the 2013 Target breach that was achieved through compromised credentials on an HVAC (heating, ventilation and air conditioning) system that allowed bad actors to move laterally and horizontally across networks and systems to exfiltrate customer information. This case serves as a foundation for describing what could be achieved through network controls that align with the ZTA.”
Vigilance is important for preventing these cybersecurity events from manifesting. Kirkwood recommends: “Continuous monitoring and automation provide an underpinning foundation to achieve all pillars associated with a ZTA implementation. Security Information and Event Management (SIEM) platforms emerge as indispensable resources for organizations transitioning towards continual threat monitoring, maintaining visibility, and enabling risk-based responses across all pillars of the ZTA with a particular emphasis on network and environmental factors.”
This requires planning and execution. Kirkwood recommends: “This ongoing process of evaluation and trust calibration empowers organizations to swiftly identify potential threats, fostering a more pre-emptive cybersecurity posture.”
There will be learning points for firms as they navigate the requirements. Here Kirkwood observes: “As organizations navigate the evolving landscape of cybersecurity threats, the adoption of ZTA presents a crucial step toward bolstering defences and safeguarding critical assets. This CSI goes a long way towards arming IT and Security leaders with the information and a path to follow to achieve the goal of protecting their organizations through ZTA.”
Once threats have been identified, actions are necessary. Kirkwood acknowledges this, pointing out: “It’s imperative for organizations to take decisive action by embracing Zero Trust principles and implementing robust security measures tailored to their specific needs. By doing so, organizations can fortify their resilience against emerging threats and uphold the integrity of their digital ecosystems.”
[ad_2]
Source link
